New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Some one uses my IP address to access my site cpanel. how do i STOP IT?
Hello,
Some one uses my IP address to access my site CPanel and adds his email account to my account. How do i stop it or trace his own IP ADDRESS? Because whenever i receive a notification about new email added to my cpanel contact email, the notification shows that some one used my own ip address to add his email contact .
Your help will be highly appreciated
Thank you
Ronnie
Comments
If someone is using your IP address to change private account details then
1) Someone has a trojan /malware on your system and is using it to access your CPanel stuff. In this case, you want to take steps to remove the malware. As a temporary solution, you can use another device to change your password (including email address / cpanel passwords / sql passwords, etc). Personally I suggest a full reformat.
2) Someone on your network / someone within wifi range somehow got your login information and they're changing things. Go slap them and that should fix the issue. If it doesn't, slap them again. Repeat as necessary.
I guess that you're using Dedicated IP for your connection. In that case,
• Trojan or Remoteware is running on your computer. They're changing things.
• You've previously added the email address and forgot about it.
• Your coworker is having fun with you
Hello Black,
Thanks for your quick reply. But isn't there a way to scan my computer to remove the trojan /malware on my computer or get to know his own ip address?
Your help will be highly appreciated
Thank you
Ronnie
Check the actual logs. My notifications show weird IPs all the time, for stuff I even did myself. One time I made an account and my cPanel notification email told me it came from QuickPacket. Short story: I've never had a quickpacket VPN, and I don't use a VPN on my desktop. The server was even hosted at Incero.
Check the log at /usr/local/cpanel/logs/access.log.
Hi sdglhm,
Thanks for your reply. But how do i trace Trojan on my computer or block Remoteware on my computer?
Your help is always appreciated
Thank you
Ronnie
install a av ?
like quick heal, avira
then run a full system scan
then download malware bytes, run a full system scan
then download zemana antilogger - it will help in real time detection of key logger.
also don't forget to change all your passwords including mail, gmail etc
You would have to start logging your network activity on the router level. But even if you find out the remote IP address that connects through your IP, it is probably coming from a proxy, or it's tunneled somehow else. I wouldn't bother unless you wanna have it for the record.
Reformat your machine. Check your router - they can be hacked too.
First download Malware bytes and run a full scan, then download Norton Security/Kaspersky trial and run a full scan
I would not risk it. Do a format on your computer.
Also, make sure your router wifi is secure (change to long pass+ wpa2)
I just fixed an infected computer for my brother-in-law. I tried several antivirus products, but none of them could find the source of the problem. The infected computer kept adding a proxy to the network settings. The only fix that worked was a complete do-over from scratch.
Backup the data to an external drive. Wipe the main drive. Reinstall the OS from scratch. Update everything to current patch levels. Install and update a good antivirus program. Run a full anti-virus scan. Install applications from scratch, and only from trusted sources. Update the applications to current patch levels. Run the full antivirus scan again.
On your external backup:
Run the antivirus scan on your external backup. Look for executables in places where they should not be. Upload and test any suspicious data files in the external backup at VirusTotal.com before restoring or opening them. I would try samples of anything with active content - Microsoft office files, but also check out a few pdfs, jpgs, etc.
When you are done, do a thorough wipe of the backup external drive too.
Even if you are as fastidious and careful as you can be, there is no absolute guarantee that your system is 100% clean. Your computer firmware or external drive USB firmware can be infected in ways that are almost impossible to clean, for example.
Good luck!
Edit: P.S. Yes, I know that antivirus/antimalware products have a poor track record of detecting malware, but it is better than doing nothing. From my own testing, it takes time for antimalware tools to catch up to whatever is current (typically a few days at least). VirusTotal.com provides a way to look at files in real time. Even if a file is "clean", VirusTotal will tell you if someone else has uploaded it, which is grounds for suspicion at the very least.
Hello
Is your password related to your date of birth or name? Does family member or friends know about it? If not do a clean format on your computer. (Backup only 100% needed files to avoid risks.) Also, cPanel uses Root Password for WHM Login, maybe your server host knows your root password and may be logging in?
you really have to clean your computer first, if they are able to get your password. Then change it to something more secure. You can use cpanel itself to block ip from connecting to it. If your provider helps you, you can find the ip he connected from and block it with cphulk